This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/38/0f12f2-8a2b-4346-b6b6-2b78b19b5a87/1/3t2i7D6LwCBXg2WC7kaLwhv6d6M.roa
File:                     3t2i7D6LwCBXg2WC7kaLwhv6d6M.roa (raw, json)
Hash identifier:          ERi3gnqWc7RLQoXaiIVWxm7fYsPyBOG1wAk9wSa8tYY=
Subject key identifier:   DE:DD:A2:EC:3E:8B:C0:20:57:83:65:82:EE:46:8B:C2:1B:FA:77:A3
Certificate issuer:       /CN=1a4dc22595fc1f588fbc4dde07c1c394998f33a7
Certificate serial:       019BE1141D01A189E9563D7A870FEA69F7D8
Authority key identifier: 1A:4D:C2:25:95:FC:1F:58:8F:BC:4D:DE:07:C1:C3:94:99:8F:33:A7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Gk3CJZX8H1iPvE3eB8HDlJmPM6c.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/38/0f12f2-8a2b-4346-b6b6-2b78b19b5a87/1/3t2i7D6LwCBXg2WC7kaLwhv6d6M.roa
Signing time:             Wed 21 Jan 2026 15:02:30 +0000
ROA not before:           Wed 21 Jan 2026 15:02:30 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     205570
IP address blocks:        131.222.255.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/38/0f12f2-8a2b-4346-b6b6-2b78b19b5a87/1/Gk3CJZX8H1iPvE3eB8HDlJmPM6c.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/38/0f12f2-8a2b-4346-b6b6-2b78b19b5a87/1/Gk3CJZX8H1iPvE3eB8HDlJmPM6c.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Gk3CJZX8H1iPvE3eB8HDlJmPM6c.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 11:01:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:e1:14:1d:01:a1:89:e9:56:3d:7a:87:0f:ea:69:f7:d8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1a4dc22595fc1f588fbc4dde07c1c394998f33a7
        Validity
            Not Before: Jan 21 15:02:30 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=dedda2ec3e8bc02057836582ee468bc21bfa77a3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:44:f9:1c:a7:33:cf:24:dc:ed:a7:82:c7:2f:
                    73:a7:13:43:de:7f:a0:64:04:c5:d4:f9:9f:58:68:
                    23:30:0e:19:f4:ac:e2:32:72:80:c2:83:3b:dd:48:
                    b7:41:b1:9a:44:c5:19:b9:fd:07:4c:fe:35:d1:99:
                    86:57:d0:14:b3:10:30:08:59:5e:02:e5:ff:83:96:
                    6b:d1:13:11:93:37:d2:21:e4:29:15:63:00:64:a6:
                    c2:0f:cf:6c:41:14:11:c2:d0:5a:f8:62:73:4a:05:
                    c9:0b:f7:51:f2:fd:5e:98:91:06:f5:aa:42:79:86:
                    7c:15:e2:1c:fb:df:82:49:e2:6d:74:9d:e3:5a:ad:
                    b7:83:9d:86:93:4c:c3:18:65:56:68:4d:6f:e4:9a:
                    2f:6b:16:99:6a:fa:7c:aa:fc:a4:23:03:04:65:a4:
                    08:ef:ca:7b:92:4b:3d:45:f7:12:5c:89:62:ac:88:
                    19:7e:95:93:b3:61:32:33:48:05:e4:41:3b:5e:ce:
                    42:66:a8:89:f1:ee:fb:c1:4c:1e:a8:09:48:9c:ab:
                    08:b9:bd:b2:85:96:12:1c:65:2a:2b:2d:22:f5:58:
                    a6:cb:9f:09:6d:50:02:90:61:8b:b2:cd:55:44:c8:
                    ad:86:c1:a8:17:24:04:be:ae:fb:82:0e:fc:98:b6:
                    c6:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DE:DD:A2:EC:3E:8B:C0:20:57:83:65:82:EE:46:8B:C2:1B:FA:77:A3
            X509v3 Authority Key Identifier:
                keyid:1A:4D:C2:25:95:FC:1F:58:8F:BC:4D:DE:07:C1:C3:94:99:8F:33:A7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Gk3CJZX8H1iPvE3eB8HDlJmPM6c.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/38/0f12f2-8a2b-4346-b6b6-2b78b19b5a87/1/3t2i7D6LwCBXg2WC7kaLwhv6d6M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/38/0f12f2-8a2b-4346-b6b6-2b78b19b5a87/1/Gk3CJZX8H1iPvE3eB8HDlJmPM6c.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  131.222.255.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6d:85:22:de:68:03:1b:44:c3:74:56:66:c7:5c:c4:8a:6d:49:
         9f:db:a1:c8:b9:4e:59:2b:31:df:9e:1a:2b:61:06:79:0f:29:
         de:08:af:8b:86:78:f1:20:76:0c:29:d4:02:42:6e:1b:eb:75:
         22:dc:3d:b1:46:16:a7:55:ca:dc:db:af:51:e4:9e:84:8f:09:
         0b:bf:5c:2d:c2:82:4c:8e:88:8b:59:21:77:c9:19:b9:75:74:
         8e:c4:e6:7f:f2:44:27:ec:5f:06:17:85:56:39:f2:85:f7:56:
         b6:53:f8:ab:c5:c3:de:6d:0c:48:7b:a9:c8:3a:e2:fa:3e:23:
         e8:30:f6:19:6b:50:ca:8a:95:56:97:ee:2e:8c:45:71:64:fe:
         29:52:95:1f:cd:57:c1:6e:44:87:ab:00:7e:21:d6:b7:6f:40:
         fe:b5:1f:c6:50:52:cb:47:d7:91:b7:e4:92:b2:b6:4c:2c:0a:
         18:be:35:df:84:51:89:ae:96:89:12:ed:1c:0a:5c:ed:e5:d8:
         f6:b5:87:a9:12:74:a6:55:4e:36:73:d8:6d:af:3b:2c:f8:44:
         c9:8b:8c:58:e8:33:48:5b:3a:94:9f:63:24:de:78:29:ad:07:
         fa:cb:50:71:4d:70:d5:09:ad:58:67:c5:37:97:8e:54:64:76:
         11:b9:34:09
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZvhFB0BoYnpVj16hw/qaffYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFhNGRjMjI1OTVmYzFmNTg4ZmJjNGRkZTA3YzFjMzk0OTk4
ZjMzYTcwHhcNMjYwMTIxMTUwMjMwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZWRkYTJlYzNlOGJjMDIwNTc4MzY1ODJlZTQ2OGJjMjFiZmE3N2EzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmkT5HKczzyTc7aeCxy9zpxND3n+g
ZATF1PmfWGgjMA4Z9KziMnKAwoM73Ui3QbGaRMUZuf0HTP410ZmGV9AUsxAwCFle
AuX/g5Zr0RMRkzfSIeQpFWMAZKbCD89sQRQRwtBa+GJzSgXJC/dR8v1emJEG9apC
eYZ8FeIc+9+CSeJtdJ3jWq23g52Gk0zDGGVWaE1v5JovaxaZavp8qvykIwMEZaQI
78p7kks9RfcSXIlirIgZfpWTs2EyM0gF5EE7Xs5CZqiJ8e77wUweqAlInKsIub2y
hZYSHGUqKy0i9Vimy58JbVACkGGLss1VRMithsGoFyQEvq77gg78mLbGPQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFN7douw+i8AgV4Nlgu5Gi8Ib+nejMB8GA1UdIwQY
MBaAFBpNwiWV/B9Yj7xN3gfBw5SZjzOnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR2szQ0paWDhIMWlQdkUzZUI4SERsSm1QTTZjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zOC8wZjEyZjItOGEyYi00MzQ2LWI2YjYt
MmI3OGIxOWI1YTg3LzEvM3QyaTdENkx3Q0JYZzJXQzdrYUx3aHY2ZDZNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zOC8wZjEyZjItOGEyYi00MzQ2LWI2YjYtMmI3OGIxOWI1YTg3
LzEvR2szQ0paWDhIMWlQdkUzZUI4SERsSm1QTTZjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAg97/MA0G
CSqGSIb3DQEBCwUAA4IBAQBthSLeaAMbRMN0VmbHXMSKbUmf26HIuU5ZKzHfnhor
YQZ5DyneCK+LhnjxIHYMKdQCQm4b63Ui3D2xRhanVcrc269R5J6EjwkLv1wtwoJM
joiLWSF3yRm5dXSOxOZ/8kQn7F8GF4VWOfKF91a2U/irxcPebQxIe6nIOuL6PiPo
MPYZa1DKipVWl+4ujEVxZP4pUpUfzVfBbkSHqwB+Ida3b0D+tR/GUFLLR9eRt+SS
srZMLAoYvjXfhFGJrpaJEu0cClzt5dj2tYepEnSmVU42c9htrzss+ETJi4xY6DNI
WzqUn2Mk3ngprQf6y1BxTXDVCa1YZ8U3l45UZHYRuTQJ
-----END CERTIFICATE-----